Security Weekly Podcast Network (Video)

In this episode we will discuss the overarching importance of securing privileged access throughout the organization as it relates to the overall security posture and compliance requirements. CyberArk's Principle Solutions Engineer Matt Tarr will explain the principle of least privilege, its regulatory and security aspects, and how least privilege can be enforced in a real-life implementation. He will also discuss concepts such as just-in-time privileged access, endpoint security, multi-factor authentication, password rotation and other important aspects of managing identity security and privileged access security as it relates to regulation including PCI DSS, GBLA and others. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/ Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw39

Matt discusses his position on the Solutions Engineering team at CyberArk. He talks about how his 15 years in Systems and Sales Engineering roles adds a layer of experience at CyberArk. Matt will then explain how CyberArk provides "Security for the Heart of the Enterprise" by adding a layer of security around privileged accounts. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/ Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw39

In the Leadership and Communications section, CISOs say new problem solving strategies required, How Remote Work is Reshuffling Your Security Priorities and Investments, Security Jobs With a Future -- And Ones on the Way Out and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw184

Jeff Costlow, Deputy CISO at ExtraHop, will discuss the challenges of detecting and patching Ripple20. Ripple 20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. There are two primary attack vectors: Internet Protocol and Domain Name Services. Jeff will discuss ExtraHop's approach to detecting these devices and provide a quick demo of the solution. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/ to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw184

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, Re­VoL­TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw118

Cesar will demonstrate breach path prediction as well as other features. This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw118

It s not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the never-ending battle between security and IT about what s more important: risks to servers and endpoints, or keeping the environment up-to-date and secured. There are even problems within the ranks of each unit. Dysfunctional processes, lack of efficient communication, and rudimentary tools put even more pressure on the CIO and CISO. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nodes, SANS Security Training Firm Hit with Data Breach, Unskilled hackers can breach about 3 out of 4 companies, TeamViewer flaw can allow hackers to steal System password, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, new endpoints need to be secured and IT teams are rushing years of planning into a few months to onboard distributed employees and resources – all while managing a global shift that is bringing new adversary behaviors targeting the new remote workforce. Organizations need to react fast, implement new controls, and do it all while managing existing budgets and staff. Making Elastic endpoint security completely free and open helps level the playing field for organizations that are struggling with the typically high cost and complexity of adopting effective endpoint security. This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Security professionals need to be thinking of the next evolution of the approach from working from home, specifically focusing on the security of the home network for both employees and third party contractors. Stephen Boyer, Co-Founder and CTO, discusses how to rate the risk of these new attack vectors using data BitSight already has... This interview is sponsored by BitSight. To learn more about them, visit: https://securityweekly.com/bitsight ThreatLocker CEO, Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing those applications that are approved, is a cleaner and more comprehensive approach to ensuring malware does not end up on your networks. This interview is sponsored by ThreatLocker. To learn more about them, visit: https://www.securityweekly.com/threatlocker Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194